Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[low] check TLS cert secret actually matches the host #60

Open
wasaga opened this issue Oct 5, 2021 · 1 comment
Open

[low] check TLS cert secret actually matches the host #60

wasaga opened this issue Oct 5, 2021 · 1 comment
Assignees
@wasaga
Labels
enhancement New feature or request

Comments

@wasaga
Copy link
Collaborator

wasaga commented Oct 5, 2021

Is your feature request related to a problem? Please describe.

apparently cert-manager would not complain if you specify an ingress and define host that does not match the contents of the referenced secret.

pomerium would then bind this route to the first cert it has in the chain.

Describe the solution you'd like

we probably should perform this check and consider it an invalid configuration.
@wasaga wasaga added the enhancement New feature or request label Oct 27, 2021
@wasaga wasaga changed the title check TLS cert secret actually matches the host [low] check TLS cert secret actually matches the host Oct 27, 2021
@calebdoxsey
Copy link
Contributor

Do we have more details about what the issue is here? What's the configuration that can lead to the problem?

@calebdoxsey calebdoxsey added blocked PR/ISSUE is blocked by third party WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided. labels Jan 19, 2022
@travisgroth travisgroth removed blocked PR/ISSUE is blocked by third party WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided. labels Jan 20, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wasaga wasaga

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@calebdoxsey @wasaga @travisgroth